Cryptopolitan on MSN

Malicious packages empty dYdX user wallets

dYdX has been targeted by bad actors using malicious packages to empty its user wallets.
Communications of the ACM

A Decade of Docker Containers

Docker is a widely used developer tool that first simplifies the assembly of an application stack (docker build), then allows for the rapid distribution of the resulting executabl ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
InfoWorld

GlassFish 8 Java server boosts data access, concurrency

Update implements Jakarta EE 11 platform and brings support for Jakarta Data repositories and virtual threads.
CSO Online

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...